Every now and then you will have to pass data to a webpage or service using a URL, for example in a GET request. This is pretty easy, since URLs are basically just text strings, but things can sometimes get complicated. For example, some characters have a special meaning in URLs (like
:), and some characters aren't allowed at all (like space). Sometimes you even need to encode a URL in another URL!
In this tutorial, you'll learn why you need to encode or decode strings to be passed in URLs and how to use the built-in PHP functions to do so.
Why Encode and Decode Strings to URLs
Perhaps you want to pass some info as query parameters to a web service or another web page. Say, for example, you want to send the following data to a website as a query string:
That information would be encoded in the following query string:
Notice that the special characters like
/ in the "redirect" URL have been encoded as
%2F to avoid interfering with the structure of the overall URL. This is called escaping, and that's where the encoding functions come in.
The server at example.com will receive that encoded information in the query string and will probably need to decode it later. That's where URL decoding is important.
Encoding Strings With
There are two different functions in PHP for encoding strings in URLs. These are called
rawurlencode(). The major difference between these two is the set of characters they encode and how they handle spaces.
In the case of
urlencode(), the function replaces all other non-alphanumeric characters except
. with a percent sign followed by two hex digits. Any spaces are replaced with the
+ character. On the other hand, the
rawurlencode() function replaces all other non-alphanumeric characters except
~ with a percent sign followed by two hex digits. This function also replaces spaces with a percent followed by two hex digits:
The following example should clear things up a bit for you.
<?php $string = 'PHP: Hypertext Preprocessor!'; $urlencoded_string = urlencode($string); echo $urlencoded_string; Output: PHP%3A+Hypertext+Preprocessor%21 $rawurlencoded_string = rawurlencode($string); echo $rawurlencoded_string; Output: PHP%3A%20Hypertext%20Preprocessor%21
As you can see, non-alphanumeric characters like
= were encoded in the same manner by both the functions. However, the
urlencode() function changed
php basics to
rawurlencode() changed it to
In general, it is a good idea to use
rawurlencode() to encode all your strings into URLs. There are a couple of reasons for that. First, the
Decoding Strings From URLs With
This basically means that all sequences which contain a percent sign followed by two hex strings will be replaced with their proper characters. The
urldecode() function will change the
+ symbol to a space character, and
rawurldecode() function will leave it unchanged.
Here is an example to illustrate the difference.
<?php $urlencoded_string = 'PHP%3A+Hypertext+Preprocessor%21'; echo urldecode($urlencoded_string); //Output: PHP: Hypertext Preprocessor! echo rawurldecode($urlencoded_string); //Output: PHP:+Hypertext+Preprocessor! $rawurlencoded_string = 'PHP%3A%20Hypertext%20Preprocessor%21'; echo urldecode($rawurlencoded_string); //Output: PHP: Hypertext Preprocessor! echo rawurldecode($rawurlencoded_string); //Output: PHP: Hypertext Preprocessor!
In the above example, we have used the decoding functions to decode the strings we encoded in the previous example. The
$urlencoded_string variable has the space character changed to
+. Using the
urldecode() function on this string changes it back to the space character. However, the
rawurldecode() function leaves it untouched.
$rawurlencoded_string variable has the space character converted to
%20, which is handled the same way by both
It is important to be careful about the function that you use for decoding an encoded string because the final result may vary depending on what you used to originally encode it.
Our focus in this tutorial was to teach you how to encode and decode strings in URLs in PHP. We started with the need to encode and decode strings in URLs and then provided a brief overview of four different functions to do it.
As I mentioned earlier, the safest bet is to use
rawurldecode() everywhere. This will ensure consistency in your code as well as compatibility with other languages that use the new scheme of encoding and decoding strings in URLs.